News on CASL Offenders and Penalties

In July of 2014, the Canadian government introduced the Canadian Anti-Spam Legislation, commonly known as CASL, which was far and away the most aggressive legislative move to combat spam in the world. CASL shifted the burden of including an "opt out" mechanism with all marketing emails (CANSPAM ACT 2013), to an "Opt in" requirement (CASL 2014), with offenders facing unprecedented fines.

CASL was introduced in three phases, and came into force by the following schedule:

July 1, 2014: the anti-spam provisions come into force and the three-year transitional period begins

January 15, 2015: the consent and notice rules for installation of computer programs come into force and the three-year transitional period for computer programs begins

July 1, 2017: the private right of action comes into force, the transitional period for commercial electronic messages ends and the three-year mandatory review for CASL will be triggered

Back in 2014, the main guiding principles of CASL were that you had to acquire "explicit" permission from the recipients, which included a double opt-in process, or you'd have to have "implied" permission to send them email.

Implied permissions was generally governed by whether you had done business with the recipients in the previous 12-months, or had an ongoing history of communication with them. The explicit/implicit permission rules were admittedly nebulous, but they were meant to provide a manageable transition period whereby businesses could gradually acquire "explicit" permission from members of the distribution list over a three year period - which will soon expire in a matter of months.

PENALTIES FOR NONCOMPLIANCE

Yes, the three year transition period is now down to the last six months, and most Canadian businesses are woefully unprepared for the last stage of CASL to go into effect on July 1st of 2017. Organizations that don’t comply risk serious penalties, including criminal charges, civil charges, and personal liability for company officers and directors, and penalties up to $10 million.

WHAT CAN CANADIAN BUSINESSES DO TO PREPARE FOR CASL

Yes, these penalties are severe, but you can take steps to ensure your business is in compliance, and minimize your risk of fines. While the steps each organization must take to comply may differ, Canadian businesses should do the following to prepare for CASL:

Identify the channels through which you send commercial electronic messages (In other words, are you sending internal emails, or using an external email or text messaging service).

Make sure your messages contain the content required by CASL (namely the sender’s name, company, mailing address and either a phone number, email address or website where recipients can access an agent for more information. They must also include the name of any 3rd party broadcasting service, and a free electronic unsubscribe option)

Assess if you have tracked whether you have implied or express consent to send messages, and if not, develop a plan to obtain such consent

Determine how CASL compliance will be managed (CRM, IT systems, and staff training and awareness programs)

Keep an audit trail, since CASL contains a “due diligence” defense

In other words, have a CRM, have an emarketing service, and have a plan in place for your business.

If you’re reading this post, you likely have Act! as your CRM already, and you are no doubt familiar with Swiftpage's Act! Emarketing service - which puts you in pretty good shape for two of the three required steps. The third step, however, is a bit trickier. It involves developing a plan to acquire opt-in consent from hundreds, if not thousands of your contacts; have these consents gathered in a CASL compliant manner; and then have them recorded in your Act! database well enough to stand-up to legal scrutiny.

These are not easy tasks, especially when you consider most small businesses in Canada cannot afford a team of cold-callers or data entry clerks to manage this process, much less quickly, and perhaps on an open-ended basis.

No, for this "plan" to be effective, it must be quick, easy, and economical, which is why we're so pleased to introduce the "Act4CASL" program - a unique application and online service that painlessly integrates with Act! to automate the CASL compliance process.

SO WHAT IS “ACT4CASL”?

Act4CASL is an application & online service, developed by Keystroke, that delivers emailed opt-in requests, records your contact's responses in an online database, and then syncs those responses back to your Act! database at the click of a button.

Once your Act! database is updated to reflect your contact’s opt-in permissions, you can create your new marketing groups within Act! that incorporates this consent, and be confident you’ve exercised reasonable due diligence in complying with CASL.

It takes only a couple of minutes to setup, and even novice Act! users can do it themselves. No HTML, merge mail, or Outlook experience required! Most importantly, though, is it's available in early January 2017, leaving Act4CASL subscribers almost six months to get their business ready for the last stage of CASL to be implemented.

Act4CASL setup steps are as follows:

Install and activate Act4CASL software

Enter your email settings into the software.

Act4CASL creates the one field and pull-down menu required in your Act! database